The Akamai Blog

Security Methods to Prevent Identity Breaches

Protecting against online crime and fraud in an interconnected, cross-device world is more challenging than ever for companies that transact valuable assets with other companies over the Internet, sell products or information through a web application, or operate under regulatory compliance mandates.

Online criminals are using increasingly sophisticated techniques to gain access to valuable assets, and securing against these threats doesn't end at protecting the front door. It requires layered defenses and shared security intelligence that look well beyond IP address, geolocation, and trust in the customer's antivirus software.

With Akamai, organizations can enable users to register and sign in using the identities they have already established with Facebook, Google, Instagram or LinkedIn, thereby utilizing these top identity providers' existing state-of-the-art security measures.

For organizations that require deeper levels of security, there are additional strategies that can be deployed to protect the business and customers from online crime and fraud, including two-factor authentication, threat detection, and fraud detection.

Two-Factor Authentication

One-factor authentication involves something a user knows, typically a password. Passwords can be a secure method provided customers create strong ones and change them frequently, but that approach creates its own set of problems. Even the strongest passwords can be intercepted and captured through a variety of methods; one-time passwords can be used to enhance the security of the one-factor method.

Two-factor authentication builds on the one-factor approach by adding something the user has, significantly improving authentication security. Customers are already familiar with this method: whenever you visit an ATM, you are using two-factor authentication by inserting your bank card (the thing you have) and entering your PIN (the thing you know).

Online, two-factor authentication can involve a digital certificate (when accessing a VPN for example), a physical token, or a tokenless approach where customers access a website by using an app on their verified mobile device to authenticate their identity.

Threat Detection

Depending on the needs of the organization, security threats can be detected and risks mitigated through a variety of methods.

Device identification helps organizations validate returning customers for online access and transaction requests by detecting device attributes and anomalies. If a device has been compromised, risk mitigation actions can be taken based on the requirements of the organization and type of transaction.

Threat detection also involves the ability to detect, assess, and act on desktop, laptop, and mobile devices that have been compromised, whether by botnets operating behind IP-masking proxies and VPNs; by malware or OS-level rootkits surreptitiously installed on poorly protected customer devices; or by man-in-the-middle attacks that intercept sessions and inject new messages posing as authentic interactions in order to hijack authentication keys and obtain other personal data.

This data can also be aggregated with other transactional data to create accurate risk assessment tools for all kinds of application requests.

What's an Enterprise to Do?

Through social login, organizations can rely on the top identity providers' state-of-the-art identity verification methods, systems, and full-time security teams. Enabling account creation through a major player like Facebook, Google, Instagram or LinkedIn therefore brings substantial security advantages.